summaryrefslogtreecommitdiff
path: root/etc
AgeCommit message (Collapse)Author
2016-11-25Increase default datasize limit from 512M to 768M on amd64. ThisAlexander Bluhm
allows to build xenocara with extra options in malloc.conf. OK deraadt@
2016-11-20Fix up some permissions in RELEASEDIR and /var/sysmerge.Theo Buehler
help, testing & ok rpe
2016-11-19Enable builds with a dedicated user that cannot elevate privileges or writeTheo Buehler
to /usr/src or /usr/xenocara. Change /usr/{,x}obj to owner build:wobj with mode 770 and install the systemwide makefiles before starting a build. The root of the noperm fs containing DESTDIR should also be owned by build:wobj. Developers will need to add their users to group wobj to be able to write to /usr/{,x}obj/. "push forward" deraadt; testing, input & ok rpe
2016-11-17syncStuart Henderson
2016-11-15Introduce the build user and the wobj group that will soon be used asTheo Buehler
defaults for building the system from source. ok deraadt
2016-11-09Remove /usr/libdata/perl5/site_perl, it is no longer needed.Todd C. Miller
OK tb@
2016-11-05Remove the obj, xobj and src directories from the base set.Robert Peichaer
The installer will create these directories during install. So local setups will not get overwritten during upgrades. idea from and OK deraadt@ with help from and OK tb@ feedback from and no objections halex@
2016-11-04spacingRobert Peichaer
2016-10-31Add the -d flag to the update command, so directories are createdTheo Buehler
with 'cvs up'. Prompted by a question by patrick keshishian, diff by Raf Czlonka. ok phessler, jca; mild opposition from schwarze
2016-10-14Build the bundle of GENERIC* kernels in using the new compile metods,Theo de Raadt
and de-escalate to $BUILDUSER. Much help from natano and tb.
2016-10-09Remove check for RELEASEDIR permissions, there are usecases where otherMartin Natano
filesystem permissions are required. requested by deraadt
2016-10-09Check that DESTDIR is on a noperm filesystem that's properly lockedMartin Natano
down and enforce reasonable permissions for RELEASEDIR. prodded by and ok deraadt ok tb
2016-10-07use better uid/gid for _switchdTheo de Raadt
2016-10-07first set -max limit, then -cur, otherwise if -cur si higher than the currentOtto Moerbeek
max, it won't be set. noted by Evgeny Grin; ok millert@
2016-10-06Add _switchdReyk Floeter
2016-10-06Add switchdReyk Floeter
OK deraadt@
2016-10-06Move vmd down as VMs might need the host's dhcpd, httpd etc. on startup.Reyk Floeter
OK mlarkin@ deraadt@
2016-10-06Print the root check error message to stderr. While there add the nameMartin Natano
of the target to the message to be more descriptive. ok deraadt tb
2016-10-06Build kernels as root for now. Otherwise we run into permission issuesMartin Natano
when the source tree is not owned by ${BUILDUSER}. ok deraadt
2016-10-05conditionally create obj & xobj same way that src is handledTheo de Raadt
ok natano
2016-10-05Change switch "wireless" to another example - bridging from VM toReyk Floeter
wireless in station mode is not supported.
2016-10-05De-escalate to an unprivileged users during 'make build' and 'make release'.Martin Natano
- If you start make build as root, everything will be run as root. Nothing new here. New is, that you can set BUILDUSER=somebody and the unprived parts will be run as somebody. - If you start make build with sudo, the unprived parts will be run as the real user (meaning YOU). You can still set BUILDUSER=somebody and the uprived parts will run as somebody. - If you start make build as a normal user it will error out. "I'm sorry Dave." Note that DESTDIR must be on partition with the noperm flag set for make release to work correctly as an unprivileged user. idea and ok deraadt input and ok tb ratchov millert rpe, halex and probably others where part of the conversation to make this happen, thanks!
2016-10-05Add support for enhanced networking configuration and virtual switches.Reyk Floeter
See vm.conf(5) for more details. OK mlarkin@
2016-10-04stop supporting SUDO builds. Something better is coming, so let'sTheo de Raadt
align everyone who is using SUDO builds towards the new strategy. ok natano
2016-09-27Run acpidump(8) at system startup and store ACPI tables in theRobert Peichaer
/var/db/acpi directory. Later sendbug(1) will use this data in bug reports. That directory is created by mtree. idea from and OK deraadt OK kettenis
2016-09-27Delay switch(4) interface start up so it can attach virtual interfacesRafael Zalamena
like vether(4). nits from and ok benno@, phessler@
2016-09-27Add unprivileged user for traceroute.Florian Obser
Input deraadt@ OK benno@, sthen@
2016-09-26+ _pingOtto Moerbeek
2016-09-26Add _ping user/group.Florian Obser
OK natano on a previous diff which used a different uid/gid. naddy@ pointed out that uid/gid was already taken on "important" systems. Turns out we cannot easily recycle freed up uids/gids so settle on 51.
2016-09-26Add /etc/acme-client.conf to mtree/special and changelist.Antoine Jacoutot
ok deraadt@ sthen@ florian@
2016-09-21the account key(s) live in /etc/acme; OK benno@Florian Obser
2016-09-18fix buildTheo de Raadt
2016-09-18add a config file parser to acme-client (unused at the moment, so thatSebastian Benoit
it can be worked on in the tree). ok florian@ deraadt@
2016-09-17pathnames for cert and key files need to be quoted.T.J. Townsend
reported by brynet
2016-09-17add example certificate and key files generated with acme-client.T.J. Townsend
ok florian
2016-09-14Do the same with less code.Robert Peichaer
OK halex
2016-09-13proxy uid/gid was split up for seperate purposes; it can go away now.Theo de Raadt
2016-09-11syncTheo de Raadt
2016-09-11cua/tty nodes only need group dialer, the initial uid does notTheo de Raadt
matter much -- and "uucp" is just stupid in 2016. ok rpe
2016-09-11Set owner for /etc/{passwd,pwd.db,spwd.db} and /var/sysmerge/etcsum.Martin Natano
from rpe
2016-09-11Add a few directories missed in the pastMatthieu Herrb
2016-09-11The /etc/{localtime,rmt}, /var/tmp and /sys symlinks and the etc tarballMartin Natano
should be owned by root. ok deraadt
2016-09-11syncTheo de Raadt
2016-09-11extra spacesTheo de Raadt
2016-09-10Unbreak ksh.kshrc by using a MI way of finding out the console device name.Robert Peichaer
Found by landry OK deraadt
2016-09-10Simplify setting the USER and UID variables.Robert Peichaer
While here, convert `` to $(). OK halex
2016-09-10Remove remnants of rlogin, it's long gone (2002).Robert Peichaer
OK halex
2016-09-10IdentationRobert Peichaer
OK halex, krw
2016-09-09print a clear error message when not ran as root instead of just fallingJasper Lievisse Adriaanse
through and try whatever it can do with the invoking user's perms feedback/ok aja@ rpe@
2016-09-09Convert [] to ksh style [[]] tests.Robert Peichaer
Based on a diff from Anthony Coulter. OK krw, halex